But it wasn't until this meme that I really realized how much we were all looking at the wrong thing.

Samsung's defense was saying that information was only transmitted after the keyword was uttered... but that's not the case across the board. Some of the other voice recognition folks store that data anyway, and not on your home system. For example, Google says that the data's stored, but unless you're logged in, it's kept anonymously and not tied to your account. For services like Siri and Alexa and Google Now, simple commands might be processed on your device, but more complex answers are sent to a remote server that provides the response. And Cortana on Windows 10 seems to be still transmitting data - of some kind - even when disabled.

Which means that device is not only "always on", but is potentially always transmitting. Sure, sure, there's privacy policies. Hell, there's groups like the newly-founded Voice Privacy Industry Group setting up "best practices" for companies.

There's a reason why "white-hat" hackers release info about security holes right away. They want problems to be solved so nobody can exploit them. Not so the CIA. They wanted to keep listening in, and didn't think of the consequences.

And that's when we're talking about devices that get updated frequently. When you've got an older device - or one that's not from the biggest names - you may not see security updates for a long time.

While we're at it, don't forget that Internet of Things stuff - you know, like Alexa or the single-press buy buttons from Amazon. Or your CCTV. Or your printer. Or your router. Or your modem?

Yes, Alexa (and Google Echo) get OTA updates. But the smaller devices? Heck no. Have you ever checked to see if there was an update for your router or modem? And if you did check, was there one? There have been real exploits that affected routers and modems in the last three years.

Spies lie professionally, remember?

Let's remember that - predating Trump - the NSA, FBI, and CIA have twisted the law (or outright lied) about spying on US citizens. They collected everything from records of most phone calls made in the USA to an unknown (but presumably large) number of e-mails, Facebook posts, and instant messages, "massive" amounts of internet data, and finally, lots of actual phone calls.

How'd they manage that? Turns out that with a global network like the internet, it's not that uncommon for some of your traffic to go outside the country, which makes it legal for them to spy on you. And if they got a bunch of extra data too, well, that was just a big whoopsie. TERRORISM and all that.

Oh right, new decade. ISIL and all that.

Anyway, those didn't really require any special exploits like the ones in the last leak. Those made it easier, but the spies didn't really need it. Because there's still one more giant problem.

The Biggest Problem

Top everything above with a big steaming pile of cooperation from your ISP. (AT&T gets named a lot, but they weren't the only one that got outed - and that's assuming that we know about all the ones participating.)

That's the same ISP which is currently salivating. The GOP is giving them the opportunity to sell all your browsing and personal information without bothering to ask you first, so I'm pretty sure that your ISP is ready to roll over anytime they're asked.

And probably sometimes before they're asked.

Let's be clear. This is your ISP - the company that has a near-monopoly in your area - keeping track of every site you visit, then both selling it and offering that information up to people spying on you.

Sure, maybe the NSA/CIA/FBI don't have direct access to the servers at Google and Facebook and Amazon.

In some ways, this is like having a deadbolt on a standard door. A determined attacker (or spy) will get through, no matter what you do.

But that doesn't mean we should go around leaving our doors - virtual or not - unlocked and wide open.

Got nothing to hide?

And please, for those about to say "I have nothing to hide", go read the links at the bottom of the post - and if you still think that way, just send me a copy of every e-mail, text message, and letter you've ever sent. Add in the GPS data from your phone. Add in every web page that you've ever visited - even in "incognito mode".

To paraphrase Cardinal Richelieu, "If one would give me six days' full browser history of even the most honest person, I would find something in it to make them look awful."
